With the increasing use of biometric systems for identity verification, privacy concerns have also risen amongst users. In a biometric system, such as a fingerprint verification system, information about some physical or behavioural characteristic of a person is stored and used to authenticate that person. The person is not in control of how the information is used. Current biometric systems also have limitations, in that the biometric information is typically unique and unchangeable, so that a user, using the information as a password, cannot have different passwords for different systems, and cannot change the password. This limitation also means once biometric information is lost or stolen it cannot be replaced with new biometric information. The user is also powerless to prevent cross-matching, namely the use of information collected for one system to access other systems or to discover all of the systems/applications being used by a particular individual.
Furthermore, if the system is breached, then the biometric information becomes publicly available and cannot be used again. In this scenario, once the biometric information becomes compromised, all the systems that use it also become vulnerable.
The present invention aims to address the above problem.